Snort mailing list archives
Initial public release: Charlotte
From: Richard Monk via Snort-users <snort-users () lists snort org>
Date: Wed, 21 Mar 2018 13:51:28 -0400
Hi folks!

We've been using an in-house alternative to barnyard for a few years now and I've finally gotten around to putting in some readme and a license so we can open-source it. I've published the 1.0.3 release to github[1].

Charlotte (as in, the spider that saves the pig) attempts to overcome some of the problems we had with barnyard in our deployment (50+ sensors, 300+ snort instances, massively geographically diffuse) with Snorby integration. It can function as a drop-in replacement for barnyard, or run in a more centralized fashion, reading rsync-ed unified directories.

After pushing this out, I realize that the unified-sender script may be useful as well to people, to avoid having to do database queries (and protect database queries!) over a WAN. I'll add that to the scripts directory soon. It just automates detecting and sending unified files from sensors to a central location so snort writes to the sensor disk, and charlotte reads from copies at the center.

I'll also do an actual github release with some copr repo RPM versions for those using RHEL/CentOS/Fedora.

We've been running Charlotte for awhile and although it's not a 100% replacement for barnyard (a couple fields we don't use don't get transferred) it's served us very well. I hope that some others struggling with large-scale deployments can make use of it!

We will be continuing development work via github now, so contributions/issues/reports are welcome.

[1]: https://github.com/redhat-infosec/charlotte

--
Richard Monk (rmonk () redhat com) - Senior Principal Security Analyst
Red Hat Inc. - Raleigh NC
GPG Key ID: 0x766EB165942CDB25